/

Official (ISC)2 Guide to the CISSP CBK Reference

Warsinske, John Graff, Mark Henry, Kevin Se alle
Innbundet / 2019 / Engelsk

Produktdetaljer

ISBN
9781119423348
Publisert
2019-06-07
Utgiver
Vendor
John Wiley & Sons Inc
Vekt
1490 gr
Høyde
263 mm
Bredde
173 mm
Dybde
51 mm
Aldersnivå
06, P
Språk
Product language
Engelsk
Format
Product format
Innbundet
Antall sider
928

Forfatter
Warsinske, John
Graff, Mark
Henry, Kevin
Hoover, Christopher
Malisow, Ben
Murphy, Sean
Oakes, C. Paul
Pajari, George
Parker, Jeff T.
Seidl, David

Biographical note

This common body of knowledge is written and reviewed by a collection of experienced CISSP experts from a range of information security roles and organizations.

Official (ISC)2 Guide to the CISSP CBK Reference

Warsinske, John Graff, Mark Henry, Kevin Se alle
Innbundet / 2019 / Engelsk
Warsinske, John Graff, Mark Henry, Kevin Se alle
Innbundet / 2019 / Engelsk
Nettpris:
973,-
Laveste pris siste 30 dager: 973,-
Levering 7-20 dager
Klikk og hent
The only official, comprehensive reference guide to the CISSP All new for 2019 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)2, the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024. This CBK covers the new eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Written by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with: Common and good practices for each objective Common vocabulary and definitions References to widely accepted computing standards Highlights of successful approaches through case studies Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.
Les mer
Foreword xxv Introduction xxvii Domain 1: Security and Risk Management 1 Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2 Information Security 3 Evaluate and Apply Security Governance Principles 6 Alignment of Security Functions to Business Strategy, Goals, Mission, and Objectives 6 Vision, Mission, and Strategy 6 Governance 7 Due Care 10 Determine Compliance Requirements 11 Legal Compliance 12 Jurisdiction 12 Legal Tradition 12 Legal Compliance Expectations 13 Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context 13 Cyber Crimes and Data Breaches 14 Privacy 36 Understand, Adhere to, and Promote Professional Ethics 49 Ethical Decision-Making 49 Established Standards of Ethical Conduct 51 (ISC)(2) Ethical Practices 56 Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 57 Organizational Documents 58 Policy Development 61 Policy Review Process 61 Identify, Analyze, and Prioritize Business Continuity Requirements 62 Develop and Document Scope and Plan 62 Risk Assessment 70 Business Impact Analysis 71 Develop the Business Continuity Plan 73 Contribute to and Enforce Personnel Security Policies and Procedures 80 Key Control Principles 80 Candidate Screening and Hiring 82 Onboarding and Termination Processes 91 Vendor, Consultant, and Contractor Agreements and Controls 96 Privacy in the Workplace 97 Understand and Apply Risk Management Concepts 99 Risk 99 Risk Management Frameworks 99 Risk Assessment Methodologies 108 Understand and Apply Threat Modeling Concepts and Methodologies 111 Threat Modeling Concepts 111 Threat Modeling Methodologies 112 Apply Risk-Based Management Concepts to the Supply Chain 116 Supply Chain Risks 116 Supply Chain Risk Management 119 Establish and Maintain a Security Awareness, Education, and Training Program 121 Security Awareness Overview 122 Developing an Awareness Program 123 Training 127 Summary 128 Domain 2: Asset Security 131 Asset Security Concepts 131 Data Policy 132 Data Governance 132 Data Quality 133 Data Documentation 134 Data Organization 136 Identify and Classify Information and Assets 139 Asset Classification 141 Determine and Maintain Information and Asset Ownership 145 Asset Management Lifecycle 146 Software Asset Management 148 Protect Privacy 152 Cross-Border Privacy and Data Flow Protection 153 Data Owners 161 Data Controllers 162 Data Processors 163 Data Stewards 164 Data Custodians 164 Data Remanence 164 Data Sovereignty 168 Data Localization or Residency 169 Government and Law Enforcement Access to Data 171 Collection Limitation 172 Understanding Data States 173 Data Issues with Emerging Technologies 173 Ensure Appropriate Asset Retention 175 Retention of Records 178 Determining Appropriate Records Retention 178 Retention of Records in Data Lifecycle 179 Records Retention Best Practices 180 Determine Data Security Controls 181 Technical, Administrative, and Physical Controls 183 Establishing the Baseline Security 185 Scoping and Tailoring 186 Standards Selection 189 Data Protection Methods 198 Establish Information and Asset Handling Requirements 208 Marking and Labeling 208 Handling 209 Declassifying Data 210 Storage 211 Summary 212 Domain 3: Security Architecture and Engineering 213 Implement and Manage Engineering Processes Using Secure Design Principles 215 Saltzer and Schroeder's Principles 216 ISO/IEC 19249 221 Defense in Depth 229 Using Security Principles 230 Understand the Fundamental Concepts of Security Models 230 Bell-LaPadula Model 232 The Biba Integrity Model 234 The Clark-Wilson Model 235 The Brewer-Nash Model 235 Select Controls Based upon Systems Security Requirements 237 Understand Security Capabilities of Information Systems 241 Memory Protection 241 Virtualization 244 Secure Cryptoprocessor 247 Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 253 Client-Based Systems 254 Server-Based Systems 255 Database Systems 257 Cryptographic Systems 260 Industrial Control Systems 267 Cloud-Based Systems 271 Distributed Systems 274 Internet of Things 275 Assess and Mitigate Vulnerabilities in Web-Based Systems 278 Injection Vulnerabilities 279 Broken Authentication 280 Sensitive Data Exposure 283 XML External Entities 284 Broken Access Control 284 Security Misconfiguration 285 Cross-Site Scripting 285 Using Components with Known Vulnerabilities 286 Insufficient Logging and Monitoring 286 Cross-Site Request Forgery 287 Assess and Mitigate Vulnerabilities in Mobile Systems 287 Passwords 288 Multifactor Authentication 288 Session Lifetime 289 Wireless Vulnerabilities 290 Mobile Malware 290 Unpatched Operating System or Browser 290 Insecure Devices 291 Mobile Device Management 291 Assess and Mitigate Vulnerabilities in Embedded Devices 292 Apply Cryptography 295 Cryptographic Lifecycle 295 Cryptographic Methods 298 Public Key Infrastructure 311 Key Management Practices 315 Digital Signatures 318 Non-Repudiation 320 Integrity 321 Understand Methods of Cryptanalytic Attacks 325 Digital Rights Management 339 Apply Security Principles to Site and Facility Design 342 Implement Site and Facility Security Controls 343 Physical Access Controls 343 Wiring Closets/Intermediate Distribution Facilities 345 Server Rooms/Data Centers 346 Media Storage Facilities 348 Evidence Storage 349 Restricted and Work Area Security 349 Utilities and Heating, Ventilation, and Air Conditioning 351 Environmental Issues 355 Fire Prevention, Detection, and Suppression 358 Summary 362 Domain 4: Communication and Network Security 363 Implement Secure Design Principles in Network Architectures 364 Open Systems Interconnection and Transmission Control Protocol/Internet Protocol Models 365 Internet Protocol Networking 382 Implications of Multilayer Protocols 392 Converged Protocols 394 Software-Defined Networks 395 Wireless Networks 396 Internet, Intranets, and Extranets 409 Demilitarized Zones 410 Virtual LANs 410 Secure Network Components 411 Firewalls 412 Network Address Translation 418 Intrusion Detection System 421 Security Information and Event Management 422 Network Security from Hardware Devices 423 Transmission Media 429 Endpoint Security 442 Implementing Defense in Depth 447 Content Distribution Networks 448 Implement Secure Communication Channels According to Design 449 Secure Voice Communications 449 Multimedia Collaboration 452 Remote Access 458 Data Communications 466 Virtualized Networks 470 Summary 481 Domain 5: Identity and Access Management 483 Control Physical and Logical Access to Assets 484 Information 485 Systems 486 Devices 487 Facilities 488 Manage Identification and Authentication of People, Devices, and Services 492 Identity Management Implementation 494 Single Factor/Multifactor Authentication 496 Accountability 511 Session Management 511 Registration and Proofing of Identity 513 Federated Identity Management 520 Credential Management Systems 524 Integrate Identity as a Third-Party Service 525 On-Premise 526 Cloud 527 Federated 527 Implement and Manage Authorization Mechanisms 528 Role-Based Access Control 528 Rule-Based Access Control 529 Mandatory Access Control 530 Discretionary Access Control 531 Attribute-Based Access Control 531 Manage the Identity and Access Provisioning Lifecycle 533 User Access Review 534 System Account Access Review 535 Provisioning and Deprovisioning 535 Auditing and Enforcement 536 Summary 537 Domain 6: Security Assessment and Testing 539 Design and Validate Assessment, Test, and Audit Strategies 540 Assessment Standards 543 Conduct Security Control Testing 545 Vulnerability Assessment 546 Penetration Testing 554 Log Reviews 564 Synthetic Transactions 565 Code Review and Testing 567 Misuse Case Testing 571 Test Coverage Analysis 573 Interface Testing 574 Collect Security Process Data 575 Account Management 577 Management Review and Approval 579 Key Performance and Risk Indicators 580 Backup Verification Data 583 Training and Awareness 584 Disaster Recovery and Business Continuity 585 Analyze Test Output and Generate Report 587 Conduct or Facilitate Security Audits 590 Internal Audits 591 External Audits 591 Third-Party Audits 592 Integrating Internal and External Audits 593 Auditing Principles 593 Audit Programs 594 Summary 596 Domain 7: Security Operations 597 Understand and Support Investigations 598 Evidence Collection and Handling 599 Reporting and Documentation 601 Investigative Techniques 602 Digital Forensics Tools, Techniques, and Procedures 604 Understand Requirements for Investigation Types 610 Administrative 611 Criminal 613 Civil 614 Regulatory 616 Industry Standards 616 Conduct Logging and Monitoring Activities 617 Define Auditable Events 618 Time 619 Protect Logs 620 Intrusion Detection and Prevention 621 Security Information and Event Management 623 Continuous Monitoring 625 Ingress Monitoring 629 Egress Monitoring 631 Securely Provision Resources 632 Asset Inventory 632 Asset Management 634 Configuration Management 635 Understand and Apply Foundational Security Operations Concepts 637 Need to Know/Least Privilege 637 Separation of Duties and Responsibilities 638 Privileged Account Management 640 Job Rotation 642 Information Lifecycle 643 Service Level Agreements 644 Apply Resource Protection Techniques to Media 647 Marking 647 Protecting 647 Transport 648 Sanitization and Disposal 649 Conduct Incident Management 650 An Incident Management Program 651 Detection 653 Response 656 Mitigation 657 Reporting 658 Recovery 661 Remediation 661 Lessons Learned 661 Third-Party Considerations 662 Operate and Maintain Detective and Preventative Measures 663 White-listing/Black-listing 665 Third-Party Security Services 665 Honeypots/Honeynets 667 Anti-Malware 667 Implement and Support Patch and Vulnerability Management 670 Understand and Participate in Change Management Processes 672 Implement Recovery Strategies 673 Backup Storage Strategies 673 Recovery Site Strategies 676 Multiple Processing Sites 678 System Resilience, High Availability, Quality of Service, and Fault Tolerance 679 Implement Disaster Recovery Processes 679 Response 680 Personnel 680 Communications 682 Assessment 682 Restoration 683 Training and Awareness 684 Test Disaster Recovery Plans 685 Read-Through/Tabletop 686 Walk-Through 687 Simulation 687 Parallel 687 Full Interruption 688 Participate in Business Continuity Planning and Exercises 688 Implement and Manage Physical Security 689 Physical Access Control 689 The Data Center 692 Address Personnel Safety and Security Concerns 693 Travel 693 Duress 693 Summary 694 Domain 8: Software Development Security 695 Understand and Integrate Security in the Software Development Lifecycle 696 Development Methodologies 696 Maturity Models 753 Operations and Maintenance 768 Change Management 770 Integrated Product Team 773 Identify and Apply Security Controls in Development Environments 776 Security of the Software Environment 777 Configuration Management as an Aspect of Secure Coding 796 Security of Code Repositories 798 Assess the Effectiveness of Software Security 802 Logging and Auditing of Changes 802 Risk Analysis and Mitigation 817 Assess the Security Impact of Acquired Software 835 Acquired Software Types 835 Software Acquisition Process 842 Relevant Standards 845 Software Assurance 848 Certification and Accreditation 852 Define and Apply Secure Coding Standards and Guidelines 853 Security Weaknesses and Vulnerabilities at the Source-Code Level 854 Security of Application Programming Interfaces 859 Secure Coding Practices 868 Summary 874 Index 875
Les mer

Relaterte produkter

The only official, comprehensive reference guide to the CISSP All new for 2019 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)2, the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024. This CBK covers the new eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Written by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with: Common and good practices for each objective Common vocabulary and definitions References to widely accepted computing standards Highlights of successful approaches through case studies Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.
Les mer
Foreword xxv Introduction xxvii Domain 1: Security and Risk Management 1 Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2 Information Security 3 Evaluate and Apply Security Governance Principles 6 Alignment of Security Functions to Business Strategy, Goals, Mission, and Objectives 6 Vision, Mission, and Strategy 6 Governance 7 Due Care 10 Determine Compliance Requirements 11 Legal Compliance 12 Jurisdiction 12 Legal Tradition 12 Legal Compliance Expectations 13 Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context 13 Cyber Crimes and Data Breaches 14 Privacy 36 Understand, Adhere to, and Promote Professional Ethics 49 Ethical Decision-Making 49 Established Standards of Ethical Conduct 51 (ISC)(2) Ethical Practices 56 Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 57 Organizational Documents 58 Policy Development 61 Policy Review Process 61 Identify, Analyze, and Prioritize Business Continuity Requirements 62 Develop and Document Scope and Plan 62 Risk Assessment 70 Business Impact Analysis 71 Develop the Business Continuity Plan 73 Contribute to and Enforce Personnel Security Policies and Procedures 80 Key Control Principles 80 Candidate Screening and Hiring 82 Onboarding and Termination Processes 91 Vendor, Consultant, and Contractor Agreements and Controls 96 Privacy in the Workplace 97 Understand and Apply Risk Management Concepts 99 Risk 99 Risk Management Frameworks 99 Risk Assessment Methodologies 108 Understand and Apply Threat Modeling Concepts and Methodologies 111 Threat Modeling Concepts 111 Threat Modeling Methodologies 112 Apply Risk-Based Management Concepts to the Supply Chain 116 Supply Chain Risks 116 Supply Chain Risk Management 119 Establish and Maintain a Security Awareness, Education, and Training Program 121 Security Awareness Overview 122 Developing an Awareness Program 123 Training 127 Summary 128 Domain 2: Asset Security 131 Asset Security Concepts 131 Data Policy 132 Data Governance 132 Data Quality 133 Data Documentation 134 Data Organization 136 Identify and Classify Information and Assets 139 Asset Classification 141 Determine and Maintain Information and Asset Ownership 145 Asset Management Lifecycle 146 Software Asset Management 148 Protect Privacy 152 Cross-Border Privacy and Data Flow Protection 153 Data Owners 161 Data Controllers 162 Data Processors 163 Data Stewards 164 Data Custodians 164 Data Remanence 164 Data Sovereignty 168 Data Localization or Residency 169 Government and Law Enforcement Access to Data 171 Collection Limitation 172 Understanding Data States 173 Data Issues with Emerging Technologies 173 Ensure Appropriate Asset Retention 175 Retention of Records 178 Determining Appropriate Records Retention 178 Retention of Records in Data Lifecycle 179 Records Retention Best Practices 180 Determine Data Security Controls 181 Technical, Administrative, and Physical Controls 183 Establishing the Baseline Security 185 Scoping and Tailoring 186 Standards Selection 189 Data Protection Methods 198 Establish Information and Asset Handling Requirements 208 Marking and Labeling 208 Handling 209 Declassifying Data 210 Storage 211 Summary 212 Domain 3: Security Architecture and Engineering 213 Implement and Manage Engineering Processes Using Secure Design Principles 215 Saltzer and Schroeder's Principles 216 ISO/IEC 19249 221 Defense in Depth 229 Using Security Principles 230 Understand the Fundamental Concepts of Security Models 230 Bell-LaPadula Model 232 The Biba Integrity Model 234 The Clark-Wilson Model 235 The Brewer-Nash Model 235 Select Controls Based upon Systems Security Requirements 237 Understand Security Capabilities of Information Systems 241 Memory Protection 241 Virtualization 244 Secure Cryptoprocessor 247 Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 253 Client-Based Systems 254 Server-Based Systems 255 Database Systems 257 Cryptographic Systems 260 Industrial Control Systems 267 Cloud-Based Systems 271 Distributed Systems 274 Internet of Things 275 Assess and Mitigate Vulnerabilities in Web-Based Systems 278 Injection Vulnerabilities 279 Broken Authentication 280 Sensitive Data Exposure 283 XML External Entities 284 Broken Access Control 284 Security Misconfiguration 285 Cross-Site Scripting 285 Using Components with Known Vulnerabilities 286 Insufficient Logging and Monitoring 286 Cross-Site Request Forgery 287 Assess and Mitigate Vulnerabilities in Mobile Systems 287 Passwords 288 Multifactor Authentication 288 Session Lifetime 289 Wireless Vulnerabilities 290 Mobile Malware 290 Unpatched Operating System or Browser 290 Insecure Devices 291 Mobile Device Management 291 Assess and Mitigate Vulnerabilities in Embedded Devices 292 Apply Cryptography 295 Cryptographic Lifecycle 295 Cryptographic Methods 298 Public Key Infrastructure 311 Key Management Practices 315 Digital Signatures 318 Non-Repudiation 320 Integrity 321 Understand Methods of Cryptanalytic Attacks 325 Digital Rights Management 339 Apply Security Principles to Site and Facility Design 342 Implement Site and Facility Security Controls 343 Physical Access Controls 343 Wiring Closets/Intermediate Distribution Facilities 345 Server Rooms/Data Centers 346 Media Storage Facilities 348 Evidence Storage 349 Restricted and Work Area Security 349 Utilities and Heating, Ventilation, and Air Conditioning 351 Environmental Issues 355 Fire Prevention, Detection, and Suppression 358 Summary 362 Domain 4: Communication and Network Security 363 Implement Secure Design Principles in Network Architectures 364 Open Systems Interconnection and Transmission Control Protocol/Internet Protocol Models 365 Internet Protocol Networking 382 Implications of Multilayer Protocols 392 Converged Protocols 394 Software-Defined Networks 395 Wireless Networks 396 Internet, Intranets, and Extranets 409 Demilitarized Zones 410 Virtual LANs 410 Secure Network Components 411 Firewalls 412 Network Address Translation 418 Intrusion Detection System 421 Security Information and Event Management 422 Network Security from Hardware Devices 423 Transmission Media 429 Endpoint Security 442 Implementing Defense in Depth 447 Content Distribution Networks 448 Implement Secure Communication Channels According to Design 449 Secure Voice Communications 449 Multimedia Collaboration 452 Remote Access 458 Data Communications 466 Virtualized Networks 470 Summary 481 Domain 5: Identity and Access Management 483 Control Physical and Logical Access to Assets 484 Information 485 Systems 486 Devices 487 Facilities 488 Manage Identification and Authentication of People, Devices, and Services 492 Identity Management Implementation 494 Single Factor/Multifactor Authentication 496 Accountability 511 Session Management 511 Registration and Proofing of Identity 513 Federated Identity Management 520 Credential Management Systems 524 Integrate Identity as a Third-Party Service 525 On-Premise 526 Cloud 527 Federated 527 Implement and Manage Authorization Mechanisms 528 Role-Based Access Control 528 Rule-Based Access Control 529 Mandatory Access Control 530 Discretionary Access Control 531 Attribute-Based Access Control 531 Manage the Identity and Access Provisioning Lifecycle 533 User Access Review 534 System Account Access Review 535 Provisioning and Deprovisioning 535 Auditing and Enforcement 536 Summary 537 Domain 6: Security Assessment and Testing 539 Design and Validate Assessment, Test, and Audit Strategies 540 Assessment Standards 543 Conduct Security Control Testing 545 Vulnerability Assessment 546 Penetration Testing 554 Log Reviews 564 Synthetic Transactions 565 Code Review and Testing 567 Misuse Case Testing 571 Test Coverage Analysis 573 Interface Testing 574 Collect Security Process Data 575 Account Management 577 Management Review and Approval 579 Key Performance and Risk Indicators 580 Backup Verification Data 583 Training and Awareness 584 Disaster Recovery and Business Continuity 585 Analyze Test Output and Generate Report 587 Conduct or Facilitate Security Audits 590 Internal Audits 591 External Audits 591 Third-Party Audits 592 Integrating Internal and External Audits 593 Auditing Principles 593 Audit Programs 594 Summary 596 Domain 7: Security Operations 597 Understand and Support Investigations 598 Evidence Collection and Handling 599 Reporting and Documentation 601 Investigative Techniques 602 Digital Forensics Tools, Techniques, and Procedures 604 Understand Requirements for Investigation Types 610 Administrative 611 Criminal 613 Civil 614 Regulatory 616 Industry Standards 616 Conduct Logging and Monitoring Activities 617 Define Auditable Events 618 Time 619 Protect Logs 620 Intrusion Detection and Prevention 621 Security Information and Event Management 623 Continuous Monitoring 625 Ingress Monitoring 629 Egress Monitoring 631 Securely Provision Resources 632 Asset Inventory 632 Asset Management 634 Configuration Management 635 Understand and Apply Foundational Security Operations Concepts 637 Need to Know/Least Privilege 637 Separation of Duties and Responsibilities 638 Privileged Account Management 640 Job Rotation 642 Information Lifecycle 643 Service Level Agreements 644 Apply Resource Protection Techniques to Media 647 Marking 647 Protecting 647 Transport 648 Sanitization and Disposal 649 Conduct Incident Management 650 An Incident Management Program 651 Detection 653 Response 656 Mitigation 657 Reporting 658 Recovery 661 Remediation 661 Lessons Learned 661 Third-Party Considerations 662 Operate and Maintain Detective and Preventative Measures 663 White-listing/Black-listing 665 Third-Party Security Services 665 Honeypots/Honeynets 667 Anti-Malware 667 Implement and Support Patch and Vulnerability Management 670 Understand and Participate in Change Management Processes 672 Implement Recovery Strategies 673 Backup Storage Strategies 673 Recovery Site Strategies 676 Multiple Processing Sites 678 System Resilience, High Availability, Quality of Service, and Fault Tolerance 679 Implement Disaster Recovery Processes 679 Response 680 Personnel 680 Communications 682 Assessment 682 Restoration 683 Training and Awareness 684 Test Disaster Recovery Plans 685 Read-Through/Tabletop 686 Walk-Through 687 Simulation 687 Parallel 687 Full Interruption 688 Participate in Business Continuity Planning and Exercises 688 Implement and Manage Physical Security 689 Physical Access Control 689 The Data Center 692 Address Personnel Safety and Security Concerns 693 Travel 693 Duress 693 Summary 694 Domain 8: Software Development Security 695 Understand and Integrate Security in the Software Development Lifecycle 696 Development Methodologies 696 Maturity Models 753 Operations and Maintenance 768 Change Management 770 Integrated Product Team 773 Identify and Apply Security Controls in Development Environments 776 Security of the Software Environment 777 Configuration Management as an Aspect of Secure Coding 796 Security of Code Repositories 798 Assess the Effectiveness of Software Security 802 Logging and Auditing of Changes 802 Risk Analysis and Mitigation 817 Assess the Security Impact of Acquired Software 835 Acquired Software Types 835 Software Acquisition Process 842 Relevant Standards 845 Software Assurance 848 Certification and Accreditation 852 Define and Apply Secure Coding Standards and Guidelines 853 Security Weaknesses and Vulnerabilities at the Source-Code Level 854 Security of Application Programming Interfaces 859 Secure Coding Practices 868 Summary 874 Index 875
Les mer

Produktdetaljer

ISBN
9781119423348
Publisert
2019-06-07
Utgiver
Vendor
John Wiley & Sons Inc
Vekt
1490 gr
Høyde
263 mm
Bredde
173 mm
Dybde
51 mm
Aldersnivå
06, P
Språk
Product language
Engelsk
Format
Product format
Innbundet
Antall sider
928

Forfatter
Warsinske, John
Graff, Mark
Henry, Kevin
Hoover, Christopher
Malisow, Ben
Murphy, Sean
Oakes, C. Paul
Pajari, George
Parker, Jeff T.
Seidl, David

Biographical note

This common body of knowledge is written and reviewed by a collection of experienced CISSP experts from a range of information security roles and organizations.

Relaterte produkter